revil – Page 2 – PossibleThreat Articles

The Ransomware Threat Intelligence Center

March 17, 2022 0 Comments active adversary, astrolocker, atom silo, avaddon, avos locker, black kingdom, blackmatter, conti, cring, darkside, dearcry, dharma, egregor, entropy, epsilon red, featured, gandcrab, karma, lockbit, lockfile, maze, memento, midas, nefilim, netwalker, python, ragnar locker, ragnarok, Ransomware, revil, robbinhood, ryuk, SamSam, security operations, snatch, sophos threat report, WannaCry, wastedlocker

Credit to Author: Tilly Travers| Date: Thu, 17 Mar 2022 09:13:50 +0000

A collection of Sophos threat research articles and security operations reports related to new or prevalent ransomware groups from 2018 to the present. The content will be updated as new research is published

MalwareBytes Security

“We absolutely do not care about you”: Sugar ransomware targets individuals

February 8, 2022 0 Comments cl0p, cl0p ransomware, encoded01, encoded01 ransomware, marcelo rivero, peter antonov, Ransomware, revil, revil ransomware, scop encryption algorithm, simeon maltchev, stream cipher, sugar ransomware

Credit to Author: Jovi Umawing| Date: Tue, 08 Feb 2022 14:04:51 +0000

They call it Sugar ransomware, but it’s not sweet in any way.

Categories: Ransomware

Tags: Cl0p Cl0P ransomware Encoded01 Encoded01 ransomware Marcelo Rivero Peter Antonov ransomware revil REvil ransomware SCOP encryption algorithm Simeon Maltchev stream cipher Sugar ransomware

Independent Krebs Security

Who Wrote the ALPHV/BlackCat Ransomware Strain?

February 2, 2022 0 Comments @cookiedays, A Little Sunshine, alphv ransomware, binrs, blackcat ransomware, blackmatter, Breadcrumbs, catalin cimpanu, darkside, duckerman, duckermanit, flashpoint, jason hill, Ne'er-Do-Well News, paul roberts, ramp, recorded future, reversinglabs, revil, sergey duck, sergey kryakov, sergey penchikov, smiseo, the record, tox, varonis, ybcat

Credit to Author: BrianKrebs| Date: Fri, 28 Jan 2022 13:18:36 +0000

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we’ll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.

Independent Krebs Security

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

February 2, 2022 0 Comments andrey sergeevich bessonov, colonial pipeline, darkside, dmitri alperovitch, FSB, gandcrab, immersive labs, kevin breen, Ne'er-Do-Well News, notpetya, president biden, Ransomware, revil, roman gennadyevich muromsky, The Coming Storm, vladimir putin

Credit to Author: BrianKrebs| Date: Fri, 14 Jan 2022 22:41:34 +0000

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from U.S. officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

Security Sophos

REvil ransomware exploiting VPN flaws made public last April

January 8, 2020 0 Comments bad packets report, malware, pulse secure, Ransomware, revil, security threats, Sodinokibi, vpn, vulnerability

Credit to Author: John E Dunn| Date: Wed, 08 Jan 2020 12:39:53 +0000

Researchers report flaws, vendors issue patches, organisations apply them – and everyone lives happily ever after. Right? Wrong!<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/FOp5i99FBQk” height=”1″ width=”1″ alt=””/>

Independent Krebs Security

Ransomware at IT Services Provider Synoptek

December 27, 2019 0 Comments Ransomware, revil, Sodinokibi, synoptek

Credit to Author: BrianKrebs| Date: Sat, 28 Dec 2019 01:49:05 +0000

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customer nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible. Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company employs nearly a thousand employees and brought in more than $100 million in revenue in the past year.

Independent Krebs Security

Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up

December 16, 2019 0 Comments bleepingcomputer, lawrence abrams, maze ransomware, Ransomware, revil, Sodinokibi, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 17 Dec 2019 02:21:23 +0000

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of acquiescing to their tormentors.

Independent Krebs Security

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

December 7, 2019 0 Comments complete technology solutions ransomware, herb miner, medix dental, PerCSoft, Ransomware, revil, Sodinokibi, thomas terronez

Credit to Author: BrianKrebs| Date: Sat, 07 Dec 2019 21:17:24 +0000

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services — including network security, data backup and voice-over-IP phone service.

MalwareBytes Security

Threat Spotlight: Sodinokibi ransomware attempts to fill GandCrab void

July 19, 2019 0 Comments 177a571d7c6a6e4592c60a78b574fe0e, bf9359046c4f5c24de0a9de28bbabd14, caas, Cisco Talos, crime-as-a-service, CVE-2018-8453, CVE-2019-2725, e713658b666ff04c9863ebecb458f174, FruitArmor APT, gandcrab, Heaven's Gate, malvertising, managed service providers, msp hack, Oracle WebLogic vulnerability, raas, Ransom.Sodinokibi, Ransomware, Ransomware as a Service, revil, salsa20, shadow copy, sodin, Sodinokibi, Threat spotlight, volume snapshot service, vss, Win32k vulnerability, zero-day vulnerability

Credit to Author: Jovi Umawing| Date: Thu, 18 Jul 2019 17:58:26 +0000

There’s a new ransomware-as-a-service (RaaS) in town, and it can twist tongues for giggles as much as twist organizations’ arms for cash. Get to know the Sodinokibi ransomware, including how to protect against this fledgling threat.

Categories:

Threat spotlight

Tags: 177a571d7c6a6e4592c60a78b574fe0e bf9359046c4f5c24de0a9de28bbabd14 caas Cisco Talos crime-as-a-service CVE-2018-8453 CVE-2019-2725 e713658b666ff04c9863ebecb458f174 FruitArmor APT gandcrab Heaven’s Gate malvertising managed service providers msp hack Oracle WebLogic vulnerability raas Ransom.Sodinokibi ransomware Ransomware as a Service revil salsa20 shadow copy sodin Sodinokibi volume snapshot service vss Win32k vulnerability zero-day vulnerability